Insider Hacker or Cracker - Computer Definition

An employee of a company who performs exploits within the company’s networks.
Hackers are authorized to find vulnerabilities in a company’s ­networks and to
fix them, whereas crackers exploit the flaws without having the authorization
to do so—usually for some personal gain.

Insiders who crack the system to cause damage are often
angered employees who have been fired from their jobs and have the computer
skills to cause damage. They can, for example, plant logic bombs that do damage after the employees leave. One
of the most discussed “insider” crack attacks happened in 1996 at Omega
Engineering, where an employee, Timothy Lloyd, sabotaged the company’s network
with a logic bomb. He apparently did this as an act of revenge for being fired.
That exploit cost the company $12 million in network damages and forced the
eventual layoff of about 80 employees. Because of all the money it took to
recover from this incident, Omega Engineering said it lost its lead in the
marketplace.

More recently, on March 11, 2005, Kaiser Permanente notified
140 patients that an angry ­former employee put on her Weblog confidential
information from the firm’s electronic files. The
ex-employee, Elisa D. Cooper, calling herself the “Diva of Disgruntled,”
said in her defense that the company included private patient information on
its Website. All she was doing, she said, was informing the company of its
self-created problem. Under the HIPAA legislation, the Diva of Disgruntled, if
found guilty, could be made to pay $250,000 in fines and spend 10 years behind
bars for unauthorized disclosure of clients’ personal data. To date, a fine of
$200,000 was imposed on the company by California State Regulators for
illegally disclosing patient’s personal information on the Internet. The case
against Cooper has not been finalized.

Another way that insiders may take revenge on a company is
not to exploit the company’s network but to send over the Internet proprietary
information to competitors. One such example was reported in 2005 when Shin-Guo
Tsai, a permanent resident in the United States and an employee of Volterra
Semiconductor Corporation in San Francisco, emailed computer chip design data
from his company’s computers to a potential rival company in Taiwan. Though Tsai
announced to his employer that he was returning to Taiwan to get married, when
FBI agents appeared at his door in February 2005, he admitted that he had sent
proprietary information to CMSC, Inc., a Taiwanese start-up company involved in
a business line similar to Volterra’s. If convicted of the charges, Tsai could
find himself behind bars for 10 years. He pleaded guilty and is awaiting
sentencing.

Given these incidents, it is not surprising that even back
in 1998, the CSI/FBI survey findings disclosed that the
average cost of successful computer cracks by outsiders was $56,000, whereas
the average cost of malicious acts perpetrated by insiders was $2.7 million.
While the average cost has gone down to $24,000 in the 2005 CSI/FBI survey, the
number of incidents has risen sharply. Three-quarters of the surveyed
organizations reported a financial loss. Insider crackers appear to do far more
damage to companies’ computers than do outsider crackers.

So what personal traits do these damage-causing insiders
have? After analyzing a pool of more than 100 cracking cases provided by
computer crime investigators, prosecutors, and security specialists over the
1997–1999 time period, researchers Eric D. Shaw,
Jerrold M. Post, and Kevin G. Ruby said that insider computer criminals tend to
be:

• Troubled by family problems in their childhoods

• Introverted individuals who admit to being more comfortable
solving cognitive problems than interacting with others in the workplace

• More dependent on online interactions than on face-to-face
interactions